Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

How to Pass the Amazon Web Services SOA-C01 Exam: Comprehensive AWS Certified SysOps Administrator - Associate Guide and Tips

Questions 31

An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.

What Amazon Glacier configuration option should be used to meet this compliance requirements?

Options:

A.

A Glacier data retrieval policy.

B.

A Glacier Vault access policy.

C.

A Glacier vault lock policy.

D.

A Glacier vault notification

Buy Now
Questions 32

A company needs to migrate an on-premises asymmetric key management system into AWS.

Which AWS service should be used to accomplish this?

Options:

A.

AWS Certificate Manager

B.

AWS CloudHSM

C.

AWS KMS

D.

AWS Secrets Manager

Buy Now
Questions 33

A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet information security guidelines.

Which option would meet the requirement?

Options:

A.

Create a new CMK every 7 days to manually rotate the encryption keys.

B.

Enable key rotation on the CMKs and set the rotation period 7 days.

C.

Switch to using AWS CloudHSM as AWS KMS does not support key rotation.

D.

Use data keys for each encryption task to avoid the need to rotate keys.

Buy Now
Questions 34

A SysOps Administrator is running Amazon EC2 instances in multiple AWS Regions. The Administrator wants to aggregate the CPU utilization for all instances onto an Amazon CloudWatch dashboard. Each region should be present on the dashboard and represented by a single graph that contains the CPU utilization for all instances in that region.

How can the Administrator meet these requirements?

Options:

A.

Create a cross-region dashboard using AWS Lambda and distribute it to all regions

B.

Create a custom CloudWatch dashboard and add a widget for each region in the AWS Management

Console

C.

Enable cross-region dashboards under the CloudWatch section of the AWS Management Console

D.

Switch from basic monitoring to detailed monitoring on all instances

Buy Now
Questions 35

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.

Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

Options:

A.

Attach a NAT gateway to the VPC and configure routing

B.

Attach a virtual private gateway to the VPC and configure routing

C.

Attach an internet gateway to the VPC and configure routing

D.

Configure a VPN connection back to the corporate office.

E.

Configure an Application Load Balancer in front of the EC2 instances

Buy Now
Questions 36

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

Options:

A.

Create and run an Amazon Inspector assessment template.

B.

Manually SSH into each instance and check the software version.

C.

Use AWS CloudTrail to verify Amazon EC2 activity in the account.

D.

Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Buy Now
Questions 37

A sysops administrator is writing an AWS Cloud Formation template. The template will create a new Amazon S3 bucket and copy objects from an existing Amazon S3 bucket into the new bucket. The objects include data files, images, and scripts.

How should the CIoudFormation template be configured to perform this copy operation?

Options:

A.

Configure an AWS Data Pipeline resource with a CopyActivity activity object. Specify the input and output bucket names and a list of object keys.

B.

Configure the S3 bucket resource to activate cross-Region replication. Point to the existing S3 bucket and specify a list of object keys to replicate.

C.

Create an AWS Lambda function that can perform the copy operation. Add the Lambda function to the template as a custom resource.

D.

Specify the commands to copy the objects in the user data field of the template's S3 bucket resource.

Buy Now
Questions 38

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?

Options:

A.

Implement a blue/green strategy using AWS Elastic Beanstalk.

B.

Perform a canary deployment using Application Load Balancers and target groups.

C.

Create a change set for the running stack.

D.

Submit the update using the UpdateStack API call.

Buy Now
Questions 39

A company’s use of AWS Cloud services is quickly growing, so a SysOps Administrator has been asked to generate details of daily spending to share with management.

Which method should the Administrator choose to produce this data?

Options:

A.

Share the monthly AWS bill with management.

B.

Use AWS CloudTrail Logs to access daily costs in JSON format.

C.

Set up daily Cost and Usage Report and download the output from Amazon S3.

D.

Monitor AWS costs with Amazon Cloud Watch and create billing alerts and notifications.

Buy Now
Questions 40

The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.

What should the SysOps Administrator do to provide near real-time compliance reporting?

Options:

A.

Enable AWS Trusted Advisor and show the Security team that the Security Groups unrestricted access check will alarm.

B.

Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups, and send a report to the Security team.

C.

Use AWS Config to enable the restricted-common-ports rule, and add port 80 to the parameters.

D.

Use Amazon Inspector to evaluate the security groups during scans, and send the completed reports to the Security team.

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Oct 14, 2024
Questions: 263

PDF + Testing Engine

$159.99
$56

Testing Engine

$119.99
$42

PDF (Q&A)

$99.99
$35